
Scenario: Death of a Telecommuter


shadi

Presentation Transcript


  1. Scenario: Death of a Telecommuter
     • The most skilled attackers are very pragmatic
     • They construct elaborate attacks from the building blocks we’ve discussed
     • Consider the following scenario:
       • Monstrous Software sells a software product called “foobar”
       • Bonnie and Clyde are funded to steal source code for foobar
       • They don’t want to get caught, so indirection is key

  2. Scenario: Steal the Source, Luke!
     [Network diagram. Nodes: Monstrous Software telecommuter; University in former USSR; Company in SE Asia; High-profile E-commerce site; Internet; Firewall; Monstrous Software corporate network; Source Code Repository]

  3. Attackers Scan for Intermediaries
     [Same network diagram]

  4. Send Email Spam re: Cool Game
     [Same network diagram. Label: SPAM!]

  5. Telecommuter Gets Email through VPN
     [Same network diagram. Labels: VPN; Gets email]

  6. Download Game: Oops, It’s a Trojan
     [Same network diagram. Label: Clicks on email link to download cool program]

  7. Trojan Copies Itself to Intranet through VPN
     [Same network diagram. Labels: *Trojan horse backdoor; VPN; Trojan searches for shares across VPN, overwriting notepad.exe]

  8. Trojan Installed on Internal Network
     [Same network diagram. Labels: Trojan horse backdoor; VPN; User runs notepad.exe, installing Trojan horse backdoor]

  9. Trojan Steals Passwords
     [Same network diagram. Labels: *Trojan horse backdoor; Trojan horse backdoor; *Trojan horse backdoor; VPN; Trojan dumps password hashes and emails them]

  10. Attackers Retrieve Passwords
     [Same network diagram. Labels: *Trojan horse backdoor; Trojan horse backdoor; *Trojan horse backdoor; *L0phtCrack; *Covert_TCP Client; Covert_TCP bounce; *Covert_TCP Server; *Netcat Redirector]

  11. Attackers Gain Access through VPN
     [Same network diagram. Labels: Trojan horse backdoor (three instances); L0phtCrack; VPN; Covert_TCP Client; Covert_TCP bounce; Covert_TCP Server; Netcat Redirector]

  12. Attackers Grab Source Code!
     [Same network diagram. Labels: Trojan horse backdoor (three instances); L0phtCrack; VPN; Grab source!; Covert_TCP Client; Covert_TCP bounce; Covert_TCP Server; Netcat Redirector; Foobar source code main() ...]
